error occured while enabling SSL/TLS on command channel

Posted: 06/10/2008 12:33:12
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

I'm trying to connect to an FTPS server with BizTalk SecureBlackbox. Authentication is done with a certificate and AUTH TLS is used, but I get the following error on BizTalk:
[9/6/2008 5:28 ??] EldoS FTPS Adapter: Adding receiver endpoint
[9/6/2008 5:28 ??] EldoS FTPS Adapter: Start()
[9/6/2008 5:28 ??] EldoS FTPS Adapter: ControlledEndpointTask()
[9/6/2008 5:28 ??] EldoS FTPS Adapter: EndpointTask()
[9/6/2008 5:28 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() RemotePath: CardRsp/ FileMask: *.regf LocalFile: D:\Ingenico\
[9/6/2008 5:29 ??] EldoS FTPS Adapter: SSL protocol error: 75782
[9/6/2008 5:29 ??] EldoS FTPS Adapter: Error: Error occured while enabling SSL/TLS on command channel

at SBSimpleFTPS.TElSimpleFTPSClient.EstablishSSLSession()
at SBSimpleFTPS.TElSimpleFTPSClient.Login()
at SecureBlackbox.BizTalk.Adapters.FTPS.FTPSCommon.DoFTPSOperation(IBaseMessage message, AdapterProperties props, Boolean upload, ArrayList fileList)
[9/6/2008 5:29 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() downloaded 0 files.
[9/6/2008 5:29 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() No files to submit
[9/6/2008 5:29 ??] EldoS FTPS Adapter: PickupFilesAndSubmit() Deleting 0 local files

On the server side I get the following error:
" 550 - - root [09/Jun/2008:16:21:15 +0200] "

In the certificate path of the SSL/TLS settings I set the full path to the .pfx file and I have Trust All set to yes.

WSFTP works fine.

Can you help me with this?
Posted: 06/10/2008 12:53:57
by Eugene Mayevski (Team)

The error code stands for "handshake failure" and can be caused by a number of reasons. The easiest would be for us to attempt to connect ourselves and see what's going on there.

Is the server publicly accessible? You don't need to post address or credentials at the moment, but if it's accessible and you can give some test access, we will move this question to HelpDesk for investigation.

Also, as you mentioned the PFX file, do you need to perform client-side authentication with the certificate? Or what is this file for?

Sincerely yours
Eugene Mayevski
Posted: 06/10/2008 13:11:47
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

The PFX file is used for client authentication to the FTPS server.

What type of access do you need? The server is not internet facing, but I can use a PC which has internet access and a remote desktop connection to the BizTalk server.
Posted: 06/10/2008 13:36:27
by Eugene Mayevski (Team)

We need access not to a BizTalk server, but to the FTP(S) server. In fact, our developers will be able to create a diagnostics application for you which will let you connect to the server and get some more detailed information. The developer will answer in detail tomorrow.

Sincerely yours
Eugene Mayevski
Posted: 06/10/2008 13:45:09
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

The FTPS server is located at a partner of ours. We cannot have console access to the FTPS server. We can only connect to the FTPS server from BizTalk (with a WSFTP FTPS session or your diagnostics application), and can request connection logs from our partner.
Posted: 06/11/2008 01:15:09
by Ken Ivanov (Team)

It's a good idea to set up the most liberal configuration for the adapter and try to connect to the server with it. Please use the following values for the SSL-related properties (SSL misconfiguration seems to be a reason for the problem):
* "Use SSL/TLS" to true,
* "Trust All" to true,
* "Clear Data Channel" to false,
* "Auth Command" to Autodetect,
* Enable SSL2, SSL3 and TLS1 versions (leave TLS 1.1 and TLS 1.2 disabled),
* Put the path to your client-side certificate to the "Certificate Path" property and the appropriate password to the "Certificate Password" property,
* Put the SBB license key to the "SecureBlackbox License Key" property,
* Leave anonymous, PSK-, SRP- and IDEA-based ciphersuites disabled,
* Set minimal symmetric key length to 56.
Posted: 06/11/2008 02:28:40
by Dimitris Chronis (Basic support level)
Joined: 06/10/2008
Posts: 4

I tried these settings but I get the same error. In the "Certificate Path", should I type the path to the .pfx file or the path to the folder that contains the .pfx file?
Posted: 06/11/2008 02:45:57
by Ken Ivanov (Team)

Let's continue the conversation in the Helpdesk, as the Forum does not allow posting big files. I have created a ticket for you.
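
Added example (not part of the original thread and not SecureBlackbox code): a small Python probe that walks the explicit-FTPS command channel step by step (banner, AUTH TLS, TLS handshake) and reports the stage at which setup stops, which is the kind of detail the "handshake failure" code alone does not give. It assumes the client certificate has been exported to PEM files, since Python's ssl module does not read .pfx directly; the host name in the usage line is a placeholder.

```python
import socket
import ssl

def read_reply(sock):
    """Read one (possibly multi-line) FTP reply; return (code, text)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the command channel")
        buf += chunk
        lines = buf.decode("latin-1").splitlines()
        # The final line is "NNN text"; continuation lines are "NNN-text".
        if buf.endswith(b"\n") and lines[-1][:3].isdigit() and lines[-1][3:4] != "-":
            return int(lines[-1][:3]), lines[-1][4:]

def probe_auth_tls(host, port=21, certfile=None, keyfile=None, timeout=10):
    """Report which stage of explicit FTPS setup was reached before failing."""
    result = {"stage": "connect", "ok": False, "detail": ""}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # mirrors the adapter's "Trust All":
    ctx.verify_mode = ssl.CERT_NONE  # no server verification, diagnostics only
    if certfile:                     # client certificate and key, PEM (assumed converted)
        ctx.load_cert_chain(certfile, keyfile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            for stage, command, expected in (("banner", None, 220),
                                             ("auth_command", b"AUTH TLS\r\n", 234)):
                result["stage"] = stage
                if command:
                    sock.sendall(command)
                code, text = read_reply(sock)
                result["detail"] = f"{code} {text}"
                if code != expected:
                    return result
            result["stage"] = "tls_handshake"
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                result.update(stage="ok", ok=True,
                              detail=f"{tls.version()} {tls.cipher()[0]}")
    except OSError as exc:  # ssl.SSLError, timeouts and resets are all OSError
        result["detail"] = f"{type(exc).__name__}: {exc}"
    return result

if __name__ == "__main__":
    # Placeholder host; pass certfile= and keyfile= to present a client certificate.
    print(probe_auth_tls("ftps.example.test"))
```

A result stuck at `tls_handshake` with the client certificate supplied, but `ok` without it (or the reverse), points at the certificate rather than at protocol versions or ciphersuites.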



